Security and Privacy Obligations Sample Clauses

The Security and Privacy Obligations clause establishes the responsibilities of parties to protect sensitive information and ensure compliance with applicable data protection laws. It typically requires implementing appropriate technical and organizational measures to safeguard personal data, restricts unauthorized access, and may mandate prompt notification in the event of a data breach. This clause is essential for minimizing the risk of data misuse or loss, ensuring legal compliance, and maintaining trust between the parties.
Security and Privacy Obligations a. The Organization agrees to reasonably assist Hoag in enforcing appropriate security and privacy controls governing the Systems and the information contained therein to which Users are granted Access as described herein. b. Organization will direct Users to complete the required Data Access & Acceptable Use Agreement for Non-Hoag Workforce Members summarizing their responsibilities and be familiar with applicable Hoag policies. Access will not be granted until each User completes the required forms. The parties recognize and agree that Hoag policies shall only apply to the extent Users are accessing Systems. ▇. ▇▇▇▇ will provide an initial password and login for each unique User. Access to Systems will be granted according to Hoag policies and procedures, and shall comply with applicable federal and state laws, including but not limited to HIPAA or ARRA/HITECH. Each User shall be responsible for his/her login and password and shall not share his/her login and password with anyone else. User may log onto Systems in order to access a patient’s record for treatment, payment, or health care operations. Organization agrees to ensure that workstations and mobile devices (“devices”) with access to any shared data or Systems are not accessible to unauthorized persons. Organization represents that it has policies in place covering the use of devices with respect to Access to PHI. Organization will direct Users not to use any device not managed or approved by Organization to access Systems. Organization will maintain firewall protection on all Internet connections for computers or devices located at Organization’s locations. d. The Organization will ensure the use of updated versions of commercially reasonable anti-virus protection on all computers or devices that are used to access Systems. Organization agrees to keep its computers and devices updated with commercially reasonable operating system patches and to use and maintain firewall protection. Organization agrees that when and while remotely connecting to Systems, it is subject to Hoag rules and policies governing privacy and security as provided by Hoag. ▇. ▇▇▇▇ reserves the right to monitor, log, review, and/or audit all data access and use of Systems. Hoag, in its sole determination, may take action against any unauthorized use or access to Systems, including but, not limited to termination of Organization or User Access, or immediate termination of this Agreement. f. Organization agrees to notify the abo...
Security and Privacy Obligations a. The Organization agrees to reasonably assist Providence in enforcing appropriate security and privacy controls governing the Systems and the information contained therein to which Users are granted Access as described herein. b. If any User makes any change to patient medical information in the System, including documenting services or medical care, the User shall do so in compliance with the applicable bylaws, rules, regulations, policies, and procedures of the Providence Medical/Professional Staff to which the User is a member. c. Organization will direct Users to complete the required Request for Access and Non-Employee Confidentiality/ Non-Disclosure/ Acceptable Use Agreement summarizing their responsibilities and be familiar with applicable Providence policies. Access will not be granted until each User completes the required forms. The parties recognize and agree that Providence policies shall only apply to the extent Users are accessing Systems. d. Providence will provide an initial password and login for each unique User. Access to Systems will be granted according to Providence policies and procedures, and shall comply with applicable federal and state laws, including but not limited to HIPAA or ARRA/HITECH. Each User shall be responsible for his/her login and password and shall not share his/her login and password with anyone else. User may log onto Systems in order to access a patient’s record for treatment, payment, or health care operations. Organization agrees to ensure that workstations and mobile devices (“devices”) with access to any shared data or Systems are not accessible to unauthorized persons. Organization represents that it has policies in place covering the use of devices with respect to Access to PHI. Organization will direct Users not to use any device not managed or approved by Organization to access Systems. Organization will maintain firewall protection on all Internet connections for computers or devices located at Organization’s locations. e. The Organization will ensure the use of updated versions of commercially reasonable anti-virus protection on all computers or devices that are used to access Systems. Organization agrees to keep its computers and devices updated with commercially reasonable operating system patches and to use and maintain firewall protection. Organization agrees that when and while remotely connecting to Systems, it is subject to Providence rules and policies governing privacy and security as provide...
Security and Privacy Obligations a. Rock represents, warrants and covenants that it has, and agrees to maintain, an information security program containing appropriate measures to protect all the data that it receives and/or stores in connection with this Agreement and performing the Services, including, without limitation, Customer information, Personal Information and any data provided by Vroom hereunder, against accidental or unlawful destruction, alteration, unauthorized disclosure or access consistent with applicable laws and in conformity with data processing industry standards and all applicable laws, rules and regulations. In addition, Rock shall implement and maintain physical, logical, administrative, managerial and technical safeguards, controls and measures in accordance with industry standards, relative to the sensitivity of the data involved. b. Without limiting the foregoing, the Parties acknowledge and agree that Rock is a service provider for the purposes of the CCPA. Rock certifies that it understands the rules, restrictions, requirements and definitions of the CCPA and agrees to refrain from taking any action that would cause any transfers of Personal Information to or from Rock to qualify as a sale of Personal Information under the CCPA. Rock acknowledges and confirms that it does not receive any Personal Information from Vroom as consideration for any services or other items provided to Vroom. Rock shall not sell any such Personal Information. Rock shall not retain, use or disclose any Personal Information provided by Vroom or otherwise received by Rock pursuant to the Services, except as necessary for the specific purpose of performing the Services for Vroom pursuant to this Agreement or otherwise as set forth in this Agreement or as permitted by the CCPA. Rock shall assist Vroom with any requests received from individuals under the CCPA or other similar data protection laws and shall, pursuant to Section 10 hereof, defend, indemnify and hold Vroom harmless from any claims relating to Rock’s breach of the foregoing or applicable data protection laws. The terms “sale,” and “sell” are as defined in Section 1798.140 of the CCPA. c. Rock represents, warrants and covenants that it has implemented a mature information security management program that incorporates the key elements and protections of a mature industry IS framework such as ISO 27000, COBIT, BITS, NIST, etc. Without limiting the foregoing, Rock represents, warrants and covenants that it is responsible for meet...
Security and Privacy Obligations a. The Organization agrees to reasonably assist Swedish in enforcing appropriate security and privacy controls governing the Systems and the information contained therein to which Users are granted Access as described herein. b. If any User makes any change to patient medical information in the System, including documenting services or medical care, the User shall do so in compliance with the applicable bylaws, rules, regulations, policies, and procedures of the Swedish Medical/Professional Staff to which the User is a member. c. Organization will direct Users to complete the required HIM Managed Epic Access Request form. User Access will not be granted until the User completes the required form. d. Swedish will provide access information for each unique User. Access to Systems will be granted according to Swedish policies and procedures, and shall comply with applicable federal and state laws, including but not limited to HIPAA or ARRA/HITECH. Each User shall be responsible for his/her login and password and shall not share his/her login and password with anyone else. User may log onto Systems in order to access a patient’s record for treatment, payment, or health care operations. Organization agrees to ensure that workstations and mobile devices (“devices”) with access to any shared data or Systems are not accessible to unauthorized persons. Organization represents that it has policies in place covering the use of devices with respect to Access to PHI. Organization will direct Users not to use any device not managed or approved by Organization to access Systems. Organization will maintain firewall protection on all Internet connections for computers or devices located at Organization’s locations. e. The Organization will ensure the use of updated versions of commercially reasonable anti-virus protection on all computers or devices that are used to access Systems. Organization agrees to keep its computers and devices updated with commercially reasonable operating system patches and to use and maintain firewall protection. Organization agrees that when and while remotely connecting to Systems, it is subject to Swedish rules and policies governing privacy and security as provided by Swedish. f. Swedish reserves the right to monitor, log, review, and/or audit all data access and use of Systems. Swedish, in its sole determination, may take action against any unauthorized use or access to Systems, including but, not limited to termination of Organization or Us...
Security and Privacy Obligations. Master Subscription Agreement - Domestic 3 Last revised on: 10/16/18
Security and Privacy Obligations